You are here:

In the face of allegations that Kaspersky Lab works hand-in-hand with Russian intelligence, the Moscow-based cybersecurity firm published a detailed report Wednesday exposing a complex and expansive cyber-espionage operation orchestrated by what appears to be a Russia-linked hacking group.

The report, authored by Kaspersky’s GReAT research team, reveals some of the techniques, processes and tools used by an attacker with similarities to two known hacking groups, Sofacy and Turla. Both of these groups are considered advanced persistent threats (APTs) and have been linked to the Russian government by U.S. cybersecurity firms CrowdStrike and FireEye.

Kaspersky rarely attributes hacking groups to particular governments.

This latest activity revealed by Kaspersky is codenamed “WhiteBear,” as it resembles but doesn’t match up entirely with known Sofacy or Turla operations. WhiteBear is likely a subgroup within or campaign of Turla group, the firm says.

Based on a technical analysis by Kaspersky, WhiteBear’s recent activity appears to represent a modern